Duo MFA Bypass in 5.1.4 not working as expected

Adam Causey

Sep 21, 2017, 11:24:34 AM
to cas-...@apereo.org
I'm running into an issue in CAS 5.1.4 with the Duo MFA bypass not working as anticipated.  I have the following set in my cas.properties:

cas.authn.mfa.duo[0].bypass.principalAttributeName=groupMembership
cas.authn.mfa.duo[0].bypass.principalAttributeValue=uid=admin_users,ou=Group,dc=example,dc=com

When I log in with a user in the group, they do not see the Duo screen (as expected). However, if I log in with a user that is not in that group, they also do not see the Duo screen. From my understanding, users that are in that group are allowed to bypass but no one else.

Is this how the bypass works? If not, how can I only allow users in a certain LDAP group to bypass MFA?

Thanks!

-Adam
